Tag Archives: uploaded

MPAA & RIAA Demand Tough Copyright Standards in NAFTA Negotiations

Post Syndicated from Andy original https://torrentfreak.com/mpaa-riaa-demand-tough-copyright-standards-in-nafta-negotiations-170621/

The North American Free Trade Agreement (NAFTA) between the United States, Canada, and Mexico was negotiated more than 25 years ago. With a quarter of a decade of developments to contend with, the United States wants to modernize.

“While our economy and U.S. businesses have changed considerably over that period, NAFTA has not,” the government says.

With this in mind, the US requested comments from interested parties seeking direction for negotiation points. With those comments now in, groups like the MPAA and RIAA have been making their positions known. It’s no surprise that intellectual property enforcement is high on the agenda.

“Copyright is the lifeblood of the U.S. motion picture and television industry. As such, MPAA places high priority on securing strong protection and enforcement disciplines in the intellectual property chapters of trade agreements,” the MPAA writes in its submission.

“Strong IPR protection and enforcement are critical trade priorities for the music industry. With IPR, we can create good jobs, make significant contributions to U.S. economic growth and security, invest in artists and their creativity, and drive technological innovation,” the RIAA notes.

While both groups have numerous demands, it’s clear that each seeks an environment where not only infringers can be held liable, but also Internet platforms and services.

For the RIAA, there is a big focus on the so-called ‘Value Gap’, a phenomenon found on user-uploaded content sites like YouTube that are able to offer infringing content while avoiding liability due to Section 512 of the DMCA.

“Today, user-uploaded content services, which have developed sophisticated on-demand music platforms, use this as a shield to avoid licensing music on fair terms like other digital services, claiming they are not legally responsible for the music they distribute on their site,” the RIAA writes.

“Services such as Apple Music, TIDAL, Amazon, and Spotify are forced to compete with services that claim they are not liable for the music they distribute.”

But if sites like YouTube are exercising their rights while acting legally under current US law, how can partners Canada and Mexico do any better? For the RIAA, that can be achieved by holding them to standards envisioned by the group when the DMCA was passed, not how things have panned out since.

Demanding that negotiators “protect the original intent” of safe harbor, the RIAA asks that a “high-level and high-standard service provider liability provision” is pursued. This, the music group says, should only be available to “passive intermediaries without requisite knowledge of the infringement on their platforms, and inapplicable to services actively engaged in communicating to the public.”

In other words, make sure that YouTube and similar sites won’t enjoy the same level of safe harbor protection as they do today.

The RIAA also requires any negotiated safe harbor provisions in NAFTA to be flexible in the event that the DMCA is tightened up in response to the ongoing safe harbor rules study.

In any event, NAFTA should not “support interpretations that no longer reflect today’s digital economy and threaten the future of legitimate and sustainable digital trade,” the RIAA states.

For the MPAA, Section 512 is also perceived as a problem. While noting that the original intent was to foster a system of shared responsibility between copyright owners and service providers, the MPAA says courts have subsequently let copyright holders down. Like the RIAA, the MPAA also suggests that Canada and Mexico can be held to higher standards.

“We recommend a new approach to this important trade policy provision by moving to high-level language that establishes intermediary liability and appropriate limitations on liability. This would be fully consistent with U.S. law and avoid the same misinterpretations by policymakers and courts overseas,” the MPAA writes.

“In so doing, a modernized NAFTA would be consistent with Trade Promotion Authority’s negotiating objective of ‘ensuring that standards of protection and enforcement keep pace with technological developments’.”

The MPAA also has some specific problems with Mexico, including unauthorized camcording. The Hollywood group says that 85 illicit audio and video recordings of films were linked to Mexican theaters in 2016. However, recording is not currently a criminal offense in Mexico.

Another issue for the MPAA is that criminal sanctions for commercial scale infringement are only available if the infringement is for profit.

“This has hampered enforcement against the above-discussed camcording problem but also against online infringement, such as peer-to-peer piracy, that may be on a scale that is immensely harmful to U.S. rightsholders but nonetheless occur without profit by the infringer,” the MPAA writes.

“The modernized NAFTA like other U.S. bilateral free trade agreements must provide for criminal sanctions against commercial scale infringements without proof of profit motive.”

Also of interest are the MPAA’s complaints against Mexico’s telecoms laws. Unlike in the US and many countries in Europe, Mexico’s ISPs are forbidden to hand out their customers’ personal details to rights holders looking to sue. This, the MPAA says, needs to change.

The submissions from the RIAA and MPAA can be found here and here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Sync vs. Backup vs. Storage

Post Syndicated from Yev original https://www.backblaze.com/blog/sync-vs-backup-vs-storage/

Cloud Sync vs. Cloud Backup vs. Cloud Storage

Google Drive recently announced their new Backup and Sync feature for Google Drive, which allows users to select folders on their computer that they want to back up to their Google Drive account (note: these files count against your Google Drive storage limit). Whenever new backup services are announced, we get a lot of questions so I thought we should take a minute to review the differences in cloud based services.

What is the Cloud? Sync Vs Backup Vs Storage

There is still a lot of confusion in the space about what exactly the “cloud” is and how different services interact with it. When folks use a syncing and sharing service like Dropbox, Box, Google Drive, OneDrive or any of the others, they often assume those are acting as a cloud backup solution as well. Adding to the confusion, cloud storage services are often the backend for backup and sync services as well as standalone services. To help sort this out, we’ll define some of the terms below as they apply to a traditional computer set-up with a bunch of apps and data.

Cloud Sync (ex. Dropbox, iCloud Drive, OneDrive, Box, Google Drive) – these services sync folders on your computer to folders on other machines or to the cloud – allowing users to work from a folder or directory across devices. Typically these services have tiered pricing, meaning you pay for the amount of data you store with the service. If there is data loss, sometimes these services even have a rollback feature, of course only files that are in the synced folders are available to be recovered.

Cloud Backup (ex. Backblaze Cloud Backup, Mozy, Carbonite) – these services work in the background automatically. The user does not need to take any action like setting up specific folders. Backup services typically back up any new or changed data on your computer to another location. Before the cloud took off, that location was primarily a CD or an external hard drive – but as cloud storage became more readily available it became the most popular storage medium. Typically these services have fixed pricing, and if there is a system crash or data loss, all backed up data is available for restore. In addition, these services have rollback features in case there is data loss / accidental file deletion.

Cloud Storage (ex. Backblaze B2, Amazon S3, Microsoft Azure) – these services are where many online backup and syncing and sharing services store data. Cloud storage providers typically serve as the endpoint for data storage. These services typically provide APIs, CLIs, and access points for individuals and developers to tie in their cloud storage offerings directly. These services are priced “per GB” meaning you pay for the amount of storage that you use. Since these services are designed for high-availability and durability, data can live solely on these services – though we still recommend having multiple copies of your data, just in case.

What Should You Use?

Backblaze strongly believes in a 3-2-1 Backup Strategy. A 3-2-1 strategy means having at least 3 total copies of your data, 2 of which are local but on different mediums (e.g. an external hard drive in addition to your computer’s local drive), and at least 1 copy offsite. The best setup is data on your computer, a copy on a hard drive that lives somewhere not inside your computer, and another copy with a cloud backup provider. Backblaze Cloud Backup is a great compliment to other services, like Time Machine, Dropbox, and even the free-tiers of cloud storage services.

What is The Difference Between Cloud Sync and Backup?

Let’s take a look at some sync setups that we see fairly frequently.

Example 1) Users have one folder on their computer that is designated for Dropbox, Google Drive, OneDrive, or one of the other syncing/sharing services. Users save or place data into those directories when they want them to appear on other devices. Often these users are using the free-tier of those syncing and sharing services and only have a few GB of data uploaded in them.

Example 2) Users are paying for extended storage for Dropbox, Google Drive, OneDrive, etc… and use those folders as the “Documents” folder – essentially working out of those directories. Files in that folder are available across devices, however, files outside of that folder (e.g. living on the computer’s desktop or anywhere else) are not synced or stored by the service.

What both examples are missing however is the backup of photos, movies, videos, and the rest of the data on their computer. That’s where cloud backup providers excel, by automatically backing up user data with little or no set-up, and no need for the dragging-and-dropping of files. Backblaze actually scans your hard drive to find all the data, regardless of where it might be hiding. The results are, all the user’s data is kept in the Backblaze cloud and the portion of the data that is synced is also kept in that provider’s cloud – giving the user another layer of redundancy. Best of all, Backblaze will actually back up your Dropbox, iCloud Drive, Google Drive, and OneDrive folders.

Data Recovery

The most important feature to think about is how easy it is to get your data back from all of these services. With sync and share services, retrieving a lot of data, especially if you are in a high-data tier, can be cumbersome and take awhile. Generally, the sync and share services only allow customers to download files over the Internet. If you are trying to download more than a couple gigabytes of data, the process can take time and can be fraught with errors.

With cloud storage services, you can usually only retrieve data over the Internet as well, and you pay for both the storage and the egress of the data, so retrieving a large amount of data can be both expensive and time consuming.

Cloud backup services will enable you to download files over the internet too and can also suffer from long download times. At Backblaze we never want our customers to feel like we’re holding their data hostage, which is why we have a lot of restore options, including our Restore Return Refund policy, which allows people to restore their data via a USB Hard Drive, and then return that drive to us for a refund. Cloud sync providers do not provide this capability.

One popular data recovery use case we’ve seen when a person has a lot of data to restore is to download just the files that are needed immediately, and then order a USB Hard Drive restore for the remaining files that are not as time sensitive. The user gets all their files back in a few days, and their network is spared the download charges.

The bottom line is that all of these services have merit for different use-cases. Have questions about which is best for you? Sound off in the comments below!

The post Sync vs. Backup vs. Storage appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

The Pirate Bay Isn’t Affected By Adverse Court Rulings – Everyone Else Is

Post Syndicated from Andy original https://torrentfreak.com/the-pirate-bay-isnt-affected-by-adverse-court-rulings-everyone-else-is-170618/

For more than a decade The Pirate Bay has been the world’s most controversial site. Delivering huge quantities of copyrighted content to the masses, the platform is revered and reviled across the copyright spectrum.

Its reputation is one of a defiant Internet swashbuckler, but due to changes in how the site has been run in more recent times, its current philosophy is more difficult to gauge. What has never been in doubt, however, is the site’s original intent to be as provocative as possible.

Through endless publicity stunts, some real, some just for the ‘lulz’, The Pirate Bay managed to attract a massive audience, all while incurring the wrath of every major copyright holder in the world.

Make no mistake, they all queued up to strike back, but every subsequent rightsholder action was met by a Pirate Bay middle finger, two fingers, or chin flick, depending on the mood of the day. This only served to further delight the masses, who happily spread the word while keeping their torrents flowing.

This vicious circle of being targeted by the entertainment industries, mocking them, and then reaping the traffic benefits, developed into the cheapest long-term marketing campaign the Internet had ever seen. But nothing is ever truly for free and there have been consequences.

After taunting Hollywood and the music industry with its refusals to capitulate, endless legal action that the site would have ordinarily been forced to participate in largely took place without The Pirate Bay being present. It doesn’t take a law degree to work out what happened in each and every one of those cases, whatever complex route they took through the legal system. No defense, no win.

For example, the web-blocking phenomenon across the UK, Europe, Asia and Australia was driven by the site’s absolute resilience and although there would clearly have been other scapegoats had The Pirate Bay disappeared, the site was the ideal bogeyman the copyright lobby required to move forward.

Filing blocking lawsuits while bringing hosts, advertisers, and ISPs on board for anti-piracy initiatives were also made easier with the ‘evil’ Pirate Bay still online. Immune from every anti-piracy technique under the sun, the existence of the platform in the face of all onslaughts only strengthened the cases of those arguing for even more drastic measures.

Over a decade, this has meant a significant tightening of the sharing and streaming climate. Without any big legislative changes but plenty of case law against The Pirate Bay, web-blocking is now a walk in the park, ad hoc domain seizures are a fairly regular occurrence, and few companies want to host sharing sites. Advertisers and brands are also hesitant over where they place their ads. It’s a very different world to the one of 10 years ago.

While it would be wrong to attribute every tightening of the noose to the actions of The Pirate Bay, there’s little doubt that the site and its chaotic image played a huge role in where copyright enforcement is today. The platform set out to provoke and succeeded in every way possible, gaining supporters in their millions. It could also be argued it kicked a hole in a hornets’ nest, releasing the hell inside.

But perhaps the site’s most amazing achievement is the way it has managed to stay online, despite all the turmoil.

This week yet another ruling, this time from the powerful European Court of Justice, found that by offering links in the manner it does, The Pirate Bay and other sites are liable for communicating copyright works to the public. Of course, this prompted the usual swathe of articles claiming that this could be the final nail in the site’s coffin.

Wrong.

In common with every ruling, legal defeat, and legislative restriction put in place due to the site’s activities, this week’s decision from the ECJ will have zero effect on the Pirate Bay’s availability. For right or wrong, the site was breaking the law long before this ruling and will continue to do so until it decides otherwise.

What we have instead is a further tightened legal landscape that will have a lasting effect on everything BUT the site, including weaker torrent sites, Internet users, and user-uploaded content sites such as YouTube.

With The Pirate Bay carrying on regardless, that is nothing short of remarkable.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pirate Bay Ruling is Bad News For Google & YouTube, Experts Says

Post Syndicated from Andy original https://torrentfreak.com/pirate-bay-ruling-is-bad-news-for-google-youtube-experts-says-170615/

After years of legal wrangling, yesterday the European Court of Justice handed down a decision in the case between Dutch anti-piracy outfit BREIN and ISPs Ziggo and XS4ALL.

BREIN had demanded that the ISPs block The Pirate Bay, but both providers dug in their heels, forcing the case through the Supreme Court and eventually the ECJ.

For BREIN, yesterday’s decision will have been worth the wait. Although The Pirate Bay does not provide the content that’s ultimately downloaded and shared by its users, the ECJ said that it plays an important role in how that content is presented.

“Whilst it accepts that the works in question are placed online by the users, the Court highlights the fact that the operators of the platform play an essential role in making those works available,” the Court said.

With that established the all-important matter is whether by providing such a platform, the operators of The Pirate Bay are effectively engaging in a “communication to the public” of copyrighted works. According to the ECJ, that’s indeed the case.

“The Court holds that the making available and management of an online sharing platform must be considered to be an act of communication for the purposes of the directive,” the ECJ said.

Add into the mix that The Pirate Bay generates profit from its activities and there’s a potent case for copyright liability.

While the case was about The Pirate Bay, ECJ rulings tend to have an effect far beyond individual cases. That’s certainly the opinion of Enzo Mazza, chief at Italian anti-piracy group FIMI.

“The ruling will have a major impact on the way that entities like Google operate, because it will expose them to a greater and more direct responsibility,” Mazza told La Repubblica.

“So far, Google has worked against piracy by eliminating illegal content after it gets reported. But that is not enough. It is a fairly ineffective intervention.”

Mazza says that platforms like Google, YouTube, and thousands of similar sites that help to organize and curate user-uploaded content are somewhat similar to The Pirate Bay. In any event, they are not neutral intermediaries, he insists.

The conclusion that the decision is bad for platforms like YouTube is shared by Fulvio Sarzana, a lawyer with Sarzana and Partners, a law firm specializing in Internet and copyright disputes.

“In the ruling, the Court has in fact attributed, for the first time, secondary liability to sharing platforms due to the violation of copyrights carried out by the users of a platform,” Sarzana informs TF.

“This will have consequences for video-sharing platforms and user-generated content sites like YouTube, but it excludes responsibility for platforms that play a purely passive role, without affecting users’ content. This the case with cyberlockers, for example.”

Sarzana says that “unfortunate judgments” like this should be expected, until the approval of a new European copyright law. Enzo Mazza, on the other hand, feels that the copyright reform debate should take account of this ruling when formulating legislation to stop platforms like YouTube exploiting copyright works without an appropriate license.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

A rather dandy Pi-assisted Draisine

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/dandy-draisine/

It’s time to swap pedal power for relaxed strides with the Raspberry Pi-assisted Draisine from bicyle-modding pro Prof. Holger Hermanns.

Raspberry PI-powered Dandy Horse Draisine

So dandy…

A Draisine…

If you have children yourself or have seen them in the wild on occasion, you may be aware of how much they like balance bikes – bicycle frames without pedals, propelled by striding while sitting on the seat. It’s a nice way for children to take the first steps (bah-dum tss) towards learning to ride a bicycle. However, between 1817, when the balance bike (also known as a draisine or Dandy Horse) was invented by Karl von Drais, and the introduction of the pedal bike around 1860, this vehicle was the new, fun, and exciting way to travel for everyone.

Raspberry PI-powered Dandy Horse Draisine

We can’t wait for the inevitable IKEA flatpack release

Having previously worked on wireless braking systems for bicycles, Prof. Hermanns is experienced in adding tech to two wheels. Now, he and his team of computer scientists at Germany’s Saarland University have updated the balance bike for the 21st century: they built the Draisine 200.0 to explore pedal-free, power-assisted movement as part of the European Research Council-funded POWVER project.

With this draisine, his team have created a beautiful, fully functional final build that would look rather fetching here on the bicycle-flooded streets of Cambridge.

The frame of the bike, except for the wheel bearings and the various screws, is made of Okoumé wood, which looks somewhat rose, has fine nerves (which means that it is easy to mill) and seems to have excellent weather resistance.

Draisine 200.0

Uploaded by ecomento.tv on 2017-06-08.

…with added Pi!

Within the wooden body of the draisine lies a array of electrical components, including a 200-watt rear hub motor, a battery, an accelerometer, a magnetic sensor, and a Raspberry Pi. Checking the accelerometer and reading wheel-embedded sensors 150 times per second (wow!), the Pi activates the hub motor to assist the draisine, which allows it to reach speeds of up to 16mph (25km/h – wow again!).

Raspberry PI-powered Dandy Horse Draisine

The inner workings of the Draisine 200.0

More detailed information on the Draisine 200.0 build can be found here. Hermanns’s team also plan to release the code for the project once confirmation of no licence infringement has been given.

Take to the road

We’ve seen a variety of bicycle-oriented Pi builds that improve safety and help with navigation. But as for electricity-assisted Pi bikes, this one may be the first, and it’s such a snazzy one at that!

If you’d like to see more cycle-based projects using the Raspberry Pi, check out Matt’s Smart Bike Light, David’s bike computer, and, for the fun of it, the Pi-powered bicycle beer dispenser we covered last month.

The Pi Towers hive mind is constantly discussing fun new ways for its active cycling community to use the Raspberry Pi, and we’d love to hear your ideas as well! So please do share them in the comments below.

The post A rather dandy Pi-assisted Draisine appeared first on Raspberry Pi.

Popular Release Group ShAaNiG Permanently Shuts Down

Post Syndicated from Andy original https://torrentfreak.com/popular-release-group-shaanig-permanently-shuts-down-170612/

While there are dozens of torrent release groups in operation today, some providing extremely high quality work, every few years a notable ‘brand’ group appears.

Two of the most famous from recent memory were aXXo and YIFY. Neither were known for historic individual releases or world-beating quality, but both were particularly consistent. An aXXo or YIFY label on an official torrent assured the potential downloader they would be getting a ‘McDonalds-quality’ product; never haute cuisine but just enough taste and in enough volume to fill people up.

As a result, these groups gained millions of followers, something that put anti-piracy targets on their backs. No surprise then that neither are around today, with YIFY subjected to legal action in New Zealand and aXXo….well, no one seems to know.

With those groups gone, there was a gap in the market for a similar product. Popular releases delivered to the masses in small file sizes is clearly a recipe for success and an existing group called ShAaNiG decided to step in to take up some of the slack.

What followed was thousands of ShAaNiG movie and TV show releases, which were uploaded to The Pirate Bay and direct download sites. They also took pride of place on the group’s forum at Shaanig.org, where they were neatly organized into relevant categories.

ShAaNiG’s release forum

But like aXXO and YIFY before it, something went wrong at ShAaNiG. After publishing a couple of releases on Saturday, including a Blu-ray rip of the movie Jawbone and an episode of TV show Outcast, ShAaNiG unexpectedly threw in the towel. A notice on the group’s homepage gives no reason for the sudden shutdown but makes it clear that ShAaNiG won’t be coming back.

“ShAaNiG has shut down permanently,” it reads. “Every journey must come to an end, This is the end of our journey. Thank you for all your support.”

While there are only so many ways to say that a site has been shut down for good, the first sentence is identical to the one used by ExtraTorrent when it closed down last month.

Another potentially interesting similarity is that both ExtraTorrent and ShAaNiG had huge followings in India, with both sites indexing a lot of local content, especially movies.

More than 30% of ShAaNiG’s traffic came from India, with much of it driven from The Pirate Bay where more than a thousand releases live on today. When ExtraTorrent shut down, around 40% of the new traffic arriving at another popular platform came from India.

Whether the Indian connection is pure coincidence remains to be seen, but it seems possible if not likely that some kind of legal pressure played a part in the demise of both. However, if the situation plays out in the same manner, we’ll hear no more and like ExtraTorrent, ShAaNiG will simply fade away.

While that will come as a huge disappointment to ShAaNiG fans, other file-sharers are likely to have less sympathy. Like aXXo and YIFY before it, ShAaNiG was rarely (if ever) the source of the material it released, instead preferring to re-encode existing releases. For some pirates, that’s a red line that should never be crossed.

Whether a new group will rise phoenix-like from the ashes will remain to be seen but as these ‘brand’ groups have established time and again, there’s always a market for passable quality movie releases, if they come in a compact file-size.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Usenet Provider is Obliged to Identify Pirates, Court Rules

Post Syndicated from Ernesto original https://torrentfreak.com/usenet-provider-has-to-identify-pirates-court-rules-170609/

Dutch anti-piracy group BREIN has targeted pirates of all shapes and sizes over the past several years.

It’s also one of the few groups that actively tracks down copyright infringers on Usenet, which still has millions of frequent users.

BREIN sets its aim on prolific uploaders and other large-scale copyright infringers. After identifying its targets, it asks providers to reveal the personal details connected to the account.

Last December, BREIN asked Usenet provider Eweka to hand over the personal details of one of its former customers but the provider refused to cooperate voluntarily.

In its defense, the Usenet provider argued that it’s a neutral intermediary that would rather not perform the role of piracy police. Instead, it preferred to rely on the court to make a decision.

The provider had already taken a similar position earlier last year, but the Court of Haarlem ruled that it must hand over the information.

In a new ruling this week, the Court issued a similar order.

The Court stressed that in these type of situations the Usenet provider is required to hand over the requested details, without intervention from the court. This is in line with case law.

Under Dutch law, ISPs can be obliged to hand over the personal details of their customers if the infringing activity is plausible and the aggrieved party has a legitimate interest.

The former Eweka customer was known under the alias ‘Badfan69’ and previously uploaded 9,538 allegedly infringing works to Usenet, Tweakers reports. He was tracked down through information from the headers of the binaries he posted.

BREIN is pleased with the verdict, which once again strengthens its position in cases where third-party providers hold information on infringing customers.

“Most of the intermediaries adhere to the law and voluntarily provide the relevant data when BREIN makes a motivated request,” BREIN director Tim Kuik responds.

“They have to decide quickly because rightsholders have an interest in stopping uploaders and holding them liable as soon as possible. This sentence emphasizes this once again.”

The court ordered Eweka to pay legal fees of roughly 1,500 euros. In addition, the provider faces a penalty of 1,000 euros per day, to a maximum of 100,000 euros, if it fails to hand over the requested information in its possession.

Eweka hasn’t commented publicly on the verdict yet. But, with two rulings in favor of BREIN, it is unlikely that the provider will continue to fight similar cases in the future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

European Astro Pi: Mission complete

Post Syndicated from David Honess original https://www.raspberrypi.org/blog/european-astro-pi-mission-complete/

In October last year, with the European Space Agency and CNES, we launched the first ever European Astro Pi challenge. We asked students from all across Europe to write code for the flight of French ESA astronaut Thomas Pesquet to the International Space Station (ISS) as part of the Proxima mission.

The winners were announced back in March, and since then their code has been uploaded to the ISS and run in space!

Thomas Pesquet aboard the ISS with the Astro Pi units

French ESA astronaut Thomas Pesquet with the Astro Pi units. Image credit ESA.

Code from 64 student teams ran between 28 April and 10 May, supervised by Thomas, in the European Columbus module.

Astro Pi on Twitter

We can confirm student programs are finished, results are downloaded from @Space_Station and teams will receive their​ data by next week 🛰️📡

On 10 May the results, data, and log files were downloaded to the ground, and the following week they were emailed back to the student teams for analysis.

Ecole St-André d’E on Twitter

On vient de recevoir les données enregistrées par nos codes #python depuis l’ #iss @CNES @astro_pi @Thom_astro . Reste à analyser tout ça!

We’ve looked at the results, and we can see that many of the teams have been successful in their missions: congratulations to all of you! We look forward to reading your write-ups and blogs.

In pictures

In a surprise turn of events, we learnt that Thomas set up a camera to take regular pictures of the Astro Pi units for one afternoon. This was entirely voluntary on his part and was not scheduled as part of the mission. Thank you so much, Thomas!

Some lucky teams have some very nice souvenirs from the ISS. Here are a couple of them:

Astro Pi units on the ISS photographed by Thomas Pesquet

Juvara team – Italy (left) and South London Raspberry Jam – UK (right). Image credit ESA.

Astro Pi units on the ISS photographed by Thomas Pesquet

Astro Team – Italy (left) and AstroShot – Greece (right). Image credit ESA.

Until next time…

This brings the 2016/17 European Astro Pi challenge to a close. We would like to thank all the students and teachers who participated; the ESA Education, Integration and Implementation, Ground Systems, and Flight Control teams; BioTesc (ESA’s user operations control centre for Astro Pi); and especially Thomas Pesquet himself.

Thomas and Russian Soyuz commander Oleg Novitskiy return to Earth today, concluding their six-month stay on the ISS. After a three-hour journey in their Soyuz spacecraft, they will land in the Kazakh steppe at approximately 15:09 this afternoon. You can watch coverage of the departure, re-entry, and landing on NASA TV.

Astro Pi has been a hugely enjoyable project to work on, and we hope to be back in the new school year (2017-18) with brand-new challenges for teachers and students.

 

The post European Astro Pi: Mission complete appeared first on Raspberry Pi.

EU Piracy Filter Proposals Being Sabotaged Says MEP Julia Reda

Post Syndicated from Andy original https://torrentfreak.com/eu-piracy-filter-proposals-being-sabotaged-says-mep-julia-reda-170601/

After complaining about “rogue” sites and services for more than 15 years, the music business is now concentrating on the so-called “value gap”.

The theory is that platforms like YouTube are able to avoid paying expensive licensing fees for music by exploiting the safe harbor protections of the DMCA and similar legislation. Effectively, pirate music uploaded by site users becomes available to the public at no cost to the platform and due to safe harbor rules, there is no legal recourse for the labels.

To close this loophole, the EU is currently moving forward with reforms that could limit the protections currently enjoyed by platforms like YouTube. In short, sites that allow users to upload content will be forced to partner up with content providers to aggressively filter all user uploads for infringing content, thus limiting the number of infringing works eventually communicated to the public.

Even as they stand the proposals are being heavily protested (1,2,3) but according to Member of the European Parliament Julia Reda, a new threat has appeared on the horizon.

Ahead of a crucial June 8 vote on how to move forward, Reda says that some in the corridors of power are now “resorting to dirty tactics” to defend and extend the already “disastrous plans” by any means.

Specifically, Reda accuses MEP Pascal Arimont from the European People’s Party (EPP) of trying to sabotage the Parliamentary process, by going behind negotiators’ backs and pushing a new filtering proposal text that makes the “original bad proposal look tame in comparison.”

Reda says that in the face of other MEPs’ efforts to come up with a compromise text upon which all of them are agreed, Arimont has been encouraging some MEPs to rebel against their negotiators. He wants them to support his own super-aggressive “alternative compromise” text that shows disregard for the Charter of Fundamental Rights and principles of EU law.

Arimont’s text is certainly an interesting read and a document that could have been formulated by the record labels themselves. It tightens just about every aspect of the text proposed by the Commission while running all over the compromise text put together by Reda and other MEPs.

For example, where others are agreed on the phrase “Where information society
service providers store and provide access to the public to copyright protected works or other subject-matter uploaded by their users”, Arimont’s text removes the key word “store”.

This means that his filtering demands go beyond sites like YouTube that actually host content, to encompass those that merely carry links. It doesn’t take much imagination to see the potential for chaos there.

Also, where the Commission is happy with the proposed rules only affecting sites that store and provide access to “large amounts” of copyright protected works uploaded by users, Arimont wants the “store” part removed and “large” changed to “significant”.

“[Arimont] doesn’t want [filtering rules] to just apply to services hosting ‘large amounts’ of copyrighted content, as proposed by the Commission, but to any service facilitating the availability of such content, even if the service is not actually hosting anything at all,” Reda explains.

The text also ignores proposals by MEPs that anti-piracy measures to be taken by platforms should be proportionate to their profit and size. That being said, Arimont does accept that start-ups would probably face “insurmountable financial obstacles” if required to deploy filtering technologies, so he proposes they should be exempt.

While that sounds reasonable, any business that’s over five years old would need to comply and Reda warns that the threshold could be set particularly low.

“So if you’ve been self-employed for more than 5 years, rules the Commission wrote with the likes of YouTube and Facebook in mind would suddenly also apply to your personal website,” she warns.

But Arimont’s proposal goes further still and has the potential to have privacy advocates up in arms.

In order to check that all user uploaded content is non-infringing, platforms would necessarily be required to check every single piece of data uploaded by users. This raises considerable privacy concerns and potential conflicts with EU law, for instance with Article 15 of the E-Commerce Directive, which prohibits general monitoring obligations for service providers.

Indeed, during the Netlog filtering case that went before the EU Court of Justice (CJEU) in 2012, the Court held that requiring an online platform to install broad piracy filters is incompatible with EU law.

Nevertheless, Arimont sees bridging the “value gap” as somehow different.

“The use of technical measures is essential for the functioning of online licensing and rights management purposes. Such technical measures therefore do not require the identity of uploaders and hence do not pose any risk for privacy of individual end users,” his proposal reads.

“Furthermore, those technical measures involve a highly targeted technical cooperation of rightholders and information society service providers based on the data provided by rightholders, and therefore do not lead to general obligation to monitor and find facts about the content.”

But what should really raise alarm bells for user-uploaded content platforms is how Arimont proposes to strip them of their safe harbor protections, if they optimize the presentation of that content to users. That, as Reda points out, could be something as benign as listing content in alphabetical order.

Julia Reda’s article has some information at the end for those who want to protest Arimont’s proposals (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pornhub Piracy Stopped Me Producing Porn, Jenna Haze Says

Post Syndicated from Andy original https://torrentfreak.com/pornhub-piracy-stopped-me-producing-porn-jenna-haze-says-170531/

Last week, adult ‘tube’ site Pornhub celebrated its 10th anniversary, and what a decade it was.

Six months after its May 2007 launch, the site was getting a million visitors every day. Six months after that, traffic had exploded five-fold. Such was the site’s success, by November 2008 Pornhub entered the ranks of the top 100 most-visited sites on the Internet.

As a YouTube-like platform, Pornhub traditionally relied on users to upload content to the site. Uploaders have to declare that they have the rights to do so but it’s clear that amid large quantities of fully licensed material, content exists on Pornhub that is infringing copyright.

Like YouTube, however, the site says it takes its legal responsibilities seriously by removing content whenever a valid DMCA notice is received. Furthermore, it also has a Content Partner Program which allows content owners to monetize their material on the platform.

But despite these overtures, Pornhub has remained a divisive operation. While some partners happily generate revenue from the platform and use it to drive valuable traffic to their own sites, others view it as a parasite living off their hard work. Today those critics were joined by one of the biggest stars the adult industry has ever known.

After ten years as an adult performer, starring in more than 600 movies (including one that marked her as the first adult performer to appear on Blu-ray format), in 2012 Jenna Haze decided on a change of pace. No longer interested in performing, she headed to the other side of the camera as a producer and director.

“Directing is where my heart is now. It’s allowed me to explore a creative side that is different from what performing has offered me,” she said in a statement.

“I am very satisfied with what I was able to accomplish in 10 years of performing, and now I’m enjoying the challenges of being on the other side of the camera and running my studio.”

But while Haze enjoyed success with 15 movies, it wasn’t to last. The former performer eventually backed away from both directing and producing adult content. This morning she laid the blame for that on Pornhub and similar sites.

It all began with a tweet from Conan O’Brien, who belatedly wished Pornhub a happy 10th anniversary.

In response to O’Brien apparently coming to the party late, a Twitter user informed him how he’d been missing out on Jenna Haze. That drew a response from Haze herself, who accused Pornhub of pirating her content.

“Please don’t support sites like porn hub,” she wrote. “They are a tube site that pirates content that other adult companies produce. It’s like Napster!”

In a follow-up, Haze went on to accuse Pornhub of theft and blamed the site for her exit from the business.

“Well they steal my content from my company, as do many other tube sites. It’s why I don’t produce or direct anymore,” Haze wrote.

“Maybe not all of their content is stolen, but I have definitely seen my content up there, as well as other people’s content.”

Of course, just like record companies can do with YouTube, there’s always the option for Haze to file a DMCA notice with Pornhub to have offending content taken down. However, it’s a route she claims to have taken already, but without much success.

“They take the videos down and put [them] back up. I’m not saying they don’t do legitimate business as well,” she said.

While Pornhub has its critics, the site does indeed do masses of legitimate business. The platform is owned by Mindgeek, whose websites receive a combined 115 million visitors per day, fueled in part by content supplied by Brazzers and Digital Playground, which Mindgeek owns. That being said, Mindgeek’s position in the market has always been controversial.

Three years ago, it became evident that Mindgeek had become so powerful in the adult industry that performers (some of whom felt their content was being exploited by the company) indicated they were scared to criticize it.

Adult actress and outspoken piracy critic Tasha Reign, who also had her videos uploaded to Pornhub without her permission, revealed she was in a particularly tight spot.

“It’s like we’re stuck between a rock and a hard place in a way, because if I want to shoot content then I kinda have to shoot for [Mindgeek] because that’s the company that books me because they own…almost…everything,” Reign said.

In 2017, Mindgeek’s dominance is clearly less of a problem for Haze, who is now concentrating on other things. But for those who remain in the industry, Mindgeek is a force to be reckoned with, so criticism will probably remain somewhat muted.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Huge Coalition Protests EU Mandatory Piracy Filter Proposals

Post Syndicated from Andy original https://torrentfreak.com/huge-coalition-protests-eu-mandatory-piracy-filter-proposals-170530/

Last September, EU Commission President Jean-Claude Juncker announced plans to modernize copyright law in Europe.

The proposals (pdf) are part of the Digital Single Market reforms, which have been under development for the past several years.

The proposals cover a broad range of copyright-related issues, but one stands out as being particularly controversial. Article 13 requires certain online service providers to become deeply involved in the detection and policing of allegedly infringing copyright works, uploaded to their platforms by users.

Although its effects will likely be more broad, the proposal is targeted at the so-called “value gap” (1,2,3), i.e the notion that platforms like YouTube are able to avoid paying expensive licensing fees (for music in particular) by exploiting the safe harbor protections of the DMCA and similar legislation.

To close this loophole using Article 13, services that provide access to “large amounts” of user-uploaded content would be required to cooperate with rightsholders to prevent infringing works being communicated to the public.

This means that platforms like YouTube would be forced to take measures to ensure that their deals with content providers to distribute official content are protected by aggressive anti-piracy mechanisms.

The legislation would see platforms forced to deploy content-recognition, filtering and blocking mechanisms, to ensure that only non-infringing content is uploaded in the first place, thus limiting the chances that unauthorized copyrighted content will be made available to end users.

Supporters argue that the resulting decrease in availability of infringing content will effectively close the “value gap” but critics see the measures as disproportionate, likely to result in censorship (no provision for fair use), and a restriction of fundamental freedoms. Indeed, there are already warnings that such a system would severely “restrict the way Europeans create, share, and communicate online.”

The proposals have predictably received widespread support from entertainment industry companies across the EU and the United States, but there are now clear signs that the battle lines are being drawn.

On one side are the major recording labels, movie studios, and other producers. On the other, companies and platforms that will suddenly become more liable for infringing content, accompanied by citizens and scholars who feel that freedoms will be restricted.

The latest sign of the scale of opposition to Article 13 manifests itself in an open letter to the European Parliament. Under the Copyright for Creativity (C4C) banner and signed by the EFF, Creative Commons, Wikimedia, Mozilla, EDRi, Open Rights Group plus sixty other organizations, the letter warns that the proposals will cause more problems than they solve.

“The European Commission’s proposal on copyright in the Digital Single Market failed to meet the expectations of European citizens and businesses. Instead of supporting Europeans in the digital economy, it is backward looking,” the groups say.

“We need European lawmakers to oppose the most damaging aspects of the proposal, but also to embrace a more ambitious agenda for positive reform.”

In addition to opposing Article 11 (the proposed Press Publishers’ Right), the groups ask the EU Parliament not to impose private censorship on EU citizens via Article 13.

“The provision on the so-called ‘value gap’ is designed to provoke such legal uncertainty that online services will have no other option than to monitor, filter and block EU citizens’ communications if they want to have any chance of staying in business,” the groups write.

“The Commission’s proposal misrepresents some European Court rulings and seeks to impose contradictory obligations on Member States. This is simply bad regulation.”

Calling for the wholesale removal of Article 13 from the copyright negotiations, the groups argue that the reforms should be handled in the appropriate contexts.

“We strenuously oppose such ill thought through experimentation with intermediary liability, which will hinder innovation and competition and will reduce the opportunities available to all European businesses and citizens,” they add.

C4C concludes by calling on lawmakers to oppose Article 13 while seeking avenues for positive reform.

The full letter can be found here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

The Fleischer 100: Pi-powered sound effects

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/fleischer-100/

If there’s one thing we like more than a project video, it’s a project video that has style. And that’s exactly what we got for the Fleischer 100, a Raspberry Pi-powered cartoon sound effects typewriter created by James McCullen.

The Fleischer 100 | Cartoon Sound Effects Toy

The goal of this practical project was to design and make a hardware device that could play numerous sound effects by pressing buttons and tweaking knobs and dials. Taking inspiration from old cartoons of the 1930s in particular – the sound effects would be in the form of mostly conventional musical instruments that were often used to create sound effects in this period of animation history.

The golden age of Foley

Long before the days of the drag-and-drop sound effects of modern video editing software, there were Foley artists. These artists would create sound effects for cartoons, films, and even live performances, often using everyday objects. Here are Orson Welles and the King of Cool himself, Dean Martin, with a demonstration:

Dean Martin & Orson Welles – Early Radio/Sound Effects

Uploaded by dino4ever on 2014-05-26.

The Fleischer 100

“The goal of this practical project was to design and make a hardware device that could be used to play numerous sound effects by pressing buttons and tweaking knobs and dials,” James says, and explains that he has been “taking inspiration from old cartoons of the 1930s in particular”.

The Fleischer 100

Images on the buttons complete the ‘classic cartoon era’ look

With the Fleischer 100, James has captured that era’s look and feel. Having recorded the majority of the sound effects using a Rode NT2-A microphone, he copied the sound files to a Raspberry Pi. The physical computing side of building the typewriter involved connecting the Pi to multiple buttons and switches via a breadboard. The buttons are used to play back the files, and both a toggle and a rotary switch control access to the sound effects – there are one hundred in total! James also made the costumized housing to achieve an appearance in line with the period of early cartoon animation.

The Fleischer 100

Turning the typewriter roller selects a new collection of sound effects

Regarding the design of his device, James was particularly inspired by the typewriter in the 1930s Looney Tunes short Hold Anything – and to our delight, he decided to style the final project video to match its look.

Hold Anything – Looney Tunes (HD)

Release date 1930 Directed by Hugh Harman Rudolf Ising Produced by Hugh Harman Rudolf Ising Leon Schlesinger(Associate Producer) Voices by Carman Maxwell Rochelle Hudson (both uncredited) Music by Frank Marsales Animation by Isadore Freleng Norm Blackburn Distributed by Warner Bros.

We wish we had a Fleischer 100 hidden under a desk at Pi Towers with which to score office goings-on…

The post The Fleischer 100: Pi-powered sound effects appeared first on Raspberry Pi.

No, ExtraTorrent Has Not Been Resurrected

Post Syndicated from Ernesto original https://torrentfreak.com/no-extratorrent-has-not-been-resurected-170524/

Last week the torrent community entered a state of shock when another major torrent site closed its doors.

Having served torrents to the masses for over a decade, ExtraTorrent decided to throw in the towel, without providing any detail or an apparent motive.

The only strong message sent out by ExtraTorrent’s operator was to “stay away from fake ExtraTorrent websites and clones.”

Fast forward a few days and the first copycats have indeed appeared online. While this was expected, it’s always disappointing to see “news” sites including the likes of Forbes and The Inquirer are giving them exposure without doing thorough research.

“We are a group of uploaders and admins from ExtraTorrent. As you know, SAM from ExtraTorrent pulled the plug yesterday and took all data offline under pressure from authorities. We were in deep shock and have been working hard to get it back online with all previous data,” the email, sent out to several news outlets read.

What followed was a flurry of ‘ExtraTorrent is back’ articles and thanks to those, a lot of people now think that Extratorrent.cd is a true resurrection operated by the site’s former staffers and fans.

However, aside from its appearance, the site has absolutely nothing to do with ET.

The site is an imposter operated by the same people who also launched Kickass.cd when KAT went offline last summer. In fact, the content on both sites doesn’t come from the defunct sites they try to replace, but from The Pirate Bay.

Yes indeed, ExtraTorrent.cd is nothing more than a Pirate Bay mirror with an ExtraTorrent skin.

There are several signs clearly showing that the torrents come from The Pirate Bay. Most easy to spot, perhaps, is a comparison of search results which are identical on both sites.

Chaparall seach on Extratorrent.cd

The ExtraTorrent “resurrection” even lists TPB’s oldest active torrent from March 2004, which was apparently uploaded long before the original ExtraTorrent was launched.

Chaparall search on TPB

TorrentFreak is in touch with proper ex-staffers of ExtraTorrent who agree that the site is indeed a copycat. Some ex-staffers are considering the launch of a new ET version, just like the KAT admins did in the past, but if that happens, it will take a lot more time.

“At the moment we are all figuring out how to go about getting it back up and running in a proper fashion, but as you can imagine there a lot of obstacles and arguments, lol,” ex-ET admin Soup informed us.

So, for now, there is no real resurrection. ExtraTorrent.cd sells itself as much more than it is, as it did with Kickass.cd. While the site doesn’t have any malicious intent, aside from luring old ET members under false pretenses, people have the right to know what it really is.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Copyright Troll Attorney John Steele Disbarred by Illinois Supreme Court

Post Syndicated from Ernesto original https://torrentfreak.com/copyright-troll-attorney-john-steele-disbarred-by-illinois-supreme-court-170522/

Over the years, copyright trolls have been accused of involvement in various dubious schemes and actions, but there’s one group that has gone above and beyond.

Prenda Law grabbed dozens of headlines, mostly surrounding negative court rulings over identity theft, misrepresentation and even deception.

Most controversial was the shocking revelation that Prenda uploaded their own torrents to The Pirate Bay, creating a honeypot for the people they later sued over pirated downloads.

The allegations also raised the interest of the US Department of Justice, which indicted Prenda principals John Steele and Paul Hansmeier late last year. The two stand accused of running a multi-million dollar fraud and extortion operation.

A few weeks ago Steele pleaded guilty, admitting among other things that they did indeed use The Pirate Bay to operate a honeypot for online pirates.

Following the guilty plea the Illinois Supreme Court, which started looking into the case long before the indictment, has now decided to disbar the attorney. This means that Steele no longer has the right to practice law.

The decision doesn’t really come as a surprise. Steele has admitted to two of the 18 counts listed in the indictment, including some of the allegations that were also listed by the Supreme Court.

In its conclusion, the Court lists a variety of misconduct including “conduct involving dishonesty, fraud, deceit, or misrepresentation, by conduct including filing lawsuits without supporting facts, under the names of entities like Ingenuity 13 and AF Holdings, which were created by Movant for purposes of exacting settlements.”

Also, Steele’s trolling operation was “using means that had no substantial purpose other than to embarrass or burden a third person, or using methods of obtaining evidence that violates the legal rights of such a person…,” the Supreme Court writes.

Steele was disbarred “on consent,” according to Cook County Record, which means that he agreed to have his Illinois law practice license revoked.

The disbarment is not unexpected considering Steele’s guilty plea. However, victims of the Prenda trolling scheme may still welcome it as a form of justice. Meanwhile, Steele has bigger problems to worry about.

The former Prenda attorney is still awaiting his sentencing in the criminal case. In theory, he faces a statutory maximum sentence of 40 years in prison as well as a criminal fine of hundreds of thousands of dollars. However, by signing a plea agreement, he likely gets a reduced sentence.

The Illnois Supreme Court conclusions are available here (pdf), courtesy of Fight Copyright Trolls.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Fake ‘Pirates Of The Caribbean’ Leaks Troll Pirates and Reporters

Post Syndicated from Ernesto original https://torrentfreak.com/fake-pirates-of-the-caribbean-leaks-troll-pirates-and-reporters-170520/

Earlier this week, news broke that Disney was being extorted by hackers who were threatening to release an upcoming film, reportedly ‘Pirates of the Caribbean: Dead Men Tell No Tales.’

This prompted pirates and reporters to watch torrent sites for copies of the film, and after a few hours the first torrents did indeed appear.

The initial torrent spotted by TF was just over 200MB, which is pretty small. As it turned out, the file was fake and linked to some kind of survey scam.

Fake torrents are quite common and even more so with highly anticipated releases like a “Pirates Of The Caribbean” leak.

Soon after the fist fake, another one followed, this one carrying the name of movie distribution group ETRG. After the first people downloaded a copy, it quickly became clear that this was spam as well, and the torrent was swiftly removed from The Pirate Bay.

Unfortunately, however, some reporters confused the fake releases with the real deal. Without verifying the actual content of the files, news reports claimed that Pirates Of The Caribbean had indeed leaked.

“Hackers Dump Pirates of the Caribbean On Torrent Sites Ahead of Premiere,” Softpedia reported, followed by the award-winning security blog Graham Cluley who wrote that the “New Pirates of the Caribbean movie leaked online.”

Leaks? (via Softpedia)

The latter was also quick to point to a likely source of the leak. Hacker group The Dark Overlord was cited as the prime candidate, even though there were no signs linking it to the leak in question. This is off for a group that regularly takes full public credit for its achievements.

News site Fossbytes also appeared confident that The Dark Overlord was behind the reported (but fake) leaks, pretty much stating it as fact.

“The much-awaited Disney movie Pirates Of The Caribbean 5 Dead Men Tell No Tales was compromised by a hacker group called TheDarkOverlord,” the site reported.

Things got more confusing when the torrent files in question disappeared from The Pirate Bay. In reality, moderators simply removed the spam, as they usually do, but the reporters weren’t convinced and speculated that the ‘hackers’ could have reuploaded the files elsewhere.

A few hours later another ‘leak’ appeared on The Pirate Bay, confirming these alleged suspicions. This time it was a 54GB file which actually had “DARK-OVERL” in the title.

DARK-OVERL!!!

Soon after the torrent appeared online someone added a spam comment suggesting that it had a decent quality. One of the reporters picked this up and wrote that “comments indicate the quality is quite high.”

Again, at this point, none of the reporters had verified that the leaks were real. Still, the news spread further and further.

TorrentFreak also kept an eye on the developments and reached out to a source who said he’d obtained a copy of the 54GB release. This pirate was curious, but didn’t get what he was hoping for.

The file in question did indeed contain video material, he informed us. However, instead of an unreleased copy of the Pirates Of The Caribbean 5, he says he got several copies of an animation movie – Trolls…..

“Turns out, the iso contains a couple of .rar files that house a bunch of Trolls DVDs. I hope everyone learned their lesson, if it’s too good to be true it probably is.”

Indeed it is.

In the spirit of this article we have to stress that we didn’t verify the contents of the (now deleted) “Trolls” torrent ourselves. However, it’s clear that the fake leaks trolled several writers and pirates.

We reached out to Softpedia reporter Gabriela Vatu and Graham Cluley, who were both very receptive to our concerns and updated the initial articles to state that the leaks were not verified.

Let’s hope that this will stop the rumors from spreading any further.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

AWS Lambda Support for AWS X-Ray

Post Syndicated from Randall Hunt original https://aws.amazon.com/blogs/aws/aws-lambda-support-for-aws-x-ray/

Today we’re announcing general availability of AWS Lambda support for AWS X-Ray. As you may already know from Jeff’s GA POST, X-Ray is an AWS service for analyzing the execution and performance behavior of distributed applications. Traditional debugging methods don’t work so well for microservice based applications, in which there are multiple, independent components running on different services. X-Ray allows you to rapidly diagnose errors, slowdowns, and timeouts by breaking down the latency in your applications. I’ll demonstrate how you can use X-Ray in your own applications in just a moment by walking us through building and analyzing a simple Lambda based application.

If you just want to get started right away you can easily turn on X-Ray for your existing Lambda functions by navigating to your function’s configuration page and enabling tracing:

Or in the AWS Command Line Interface (CLI) by updating the functions’s tracing-config (Be sure to pass in a --function-name as well):

$ aws lambda update-function-configuration --tracing-config '{"Mode": "Active"}'

When tracing mode is active Lambda will attempt to trace your function (unless explicitly told not to trace by an upstream service). Otherwise, your function will only be traced if it is explicitly told to do so by an upstream service. Once tracing is enabled, you’ll start generating traces and you’ll get a visual representation of the resources in your application and the connections (edges) between them. One thing to note is that the X-Ray daemon does consume some of your Lambda function’s resources. If you’re getting close to your memory limit Lambda will try to kill the X-Ray daemon to avoid throwing an out-of-memory error.

Let’s test this new integration out by building a quick application that uses a few different services.


As twenty-something with a smartphone I have a lot of pictures selfies (10000+!) and I thought it would be great to analyze all of them. We’ll write a simple Lambda function with the Java 8 runtime that responds to new images uploaded into an Amazon Simple Storage Service (S3) bucket. We’ll use Amazon Rekognition on the photos and store the detected labels in Amazon DynamoDB.

service map

First, let’s define a few quick X-Ray vocabulary words: subsegments, segments, and traces. Got that? X-Ray is easy to understand if you remember that subsegments and segments make up traces which X-Ray processes to generate service graphs. Service graphs make a nice visual representation we can see above (with different colors indicating various request responses). The compute resources that run your applications send data about the work they’re doing in the form of segments. You can add additional annotations about that data and more granular timing of your code by creating subsgements. The path of a request through your application is tracked with a trace. A trace collects all the segments generated by a single request. That means you can easily trace Lambda events coming in from S3 all the way to DynamoDB and understand where errors and latencies are cropping up.

So, we’ll create an S3 bucket called selfies-bucket, a DynamoDB table called selfies-table, and a Lambda function. We’ll add a trigger to our Lambda function for the S3 bucket on ObjectCreated:All events. Our Lambda function code will be super simple and you can look at it in it’s entirety here. With no code changes we can enable X-Ray in our Java function by including the aws-xray-sdk and aws-xray-sdk-recorder-aws-sdk-instrumentor packages in our JAR.

Let’s trigger some photo uploads and get a look at the traces in X-Ray.

We’ve got some data! We can click on one of these individual traces for a lot of detailed information on our invocation.

In the first AWS::Lambda segmet we see the dwell time of the function, how long it spent waiting to execute, followed by the number of execution attempts.

In the second AWS::Lambda::Function segment there are a few possible subsegments:

  • The inititlization subsegment includes all of the time spent before your function handler starts executing
  • The outbound service calls
  • Any of your custom subsegments (these are really easy to add)

Hmm, it seems like there’s a bit of an issue on the DynamoDB side. We can even dive deeper and get the full exception stacktrace by clicking on the error icon. You can see we’ve been throttled by DynamoDB because we’re out of write capacity units. Luckily we can add more with just a few clicks or a quick API call. As we do that we’ll see more and more green on our service map!

The X-Ray SDKs make it super easy to emit data to X-Ray, but you don’t have to use them to talk to the X-Ray daemon. For Python, you can check out this library from rackspace called fleece. The X-Ray service is full of interesting stuff and the best place to learn more is by hopping over to the documentation. I’ve been using it for my @awscloudninja bot and it’s working great! Just keep in mind that this isn’t an official library and isn’t supported by AWS.

Personally, I’m really excited to use X-Ray in all of my upcoming projects because it really will save me some time and effort debugging and operating. I look forward to seeing what our customers can build with it as well. If you come up with any cool tricks or hacks please let me know!

– Randall

Building a Secure Cross-Account Continuous Delivery Pipeline

Post Syndicated from Anuj Sharma original https://aws.amazon.com/blogs/devops/aws-building-a-secure-cross-account-continuous-delivery-pipeline/

Most organizations create multiple AWS accounts because they provide the highest level of resource and security isolation. In this blog post, I will discuss how to use cross account AWS Identity and Access Management (IAM) access to orchestrate continuous integration and continuous deployment.

Do I need multiple accounts?

If you answer “yes” to any of the following questions you should consider creating more AWS accounts:

  • Does your business require administrative isolation between workloads? Administrative isolation by account is the most straightforward way to grant independent administrative groups different levels of administrative control over AWS resources based on workload, development lifecycle, business unit (BU), or data sensitivity.
  • Does your business require limited visibility and discoverability of workloads? Accounts provide a natural boundary for visibility and discoverability. Workloads cannot be accessed or viewed unless an administrator of the account enables access to users managed in another account.
  • Does your business require isolation to minimize blast radius? Separate accounts help define boundaries and provide natural blast-radius isolation to limit the impact of a critical event such as a security breach, an unavailable AWS Region or Availability Zone, account suspensions, and so on.
  • Does your business require a particular workload to operate within AWS service limits without impacting the limits of another workload? You can use AWS account service limits to impose restrictions on a business unit, development team, or project. For example, if you create an AWS account for a project group, you can limit the number of Amazon Elastic Compute Cloud (Amazon EC2) or high performance computing (HPC) instances that can be launched by the account.
  • Does your business require strong isolation of recovery or auditing data? If regulatory requirements require you to control access and visibility to auditing data, you can isolate the data in an account separate from the one where you run your workloads (for example, by writing AWS CloudTrail logs to a different account).
  • Do your workloads depend on specific instance reservations to support high availability (HA) or disaster recovery (DR) capacity requirements? Reserved Instances (RIs) ensure reserved capacity for services such as Amazon EC2 and Amazon Relational Database Service (Amazon RDS) at the individual account level.

Use case

The identities in this use case are set up as follows:

  • DevAccount

Developers check the code into an AWS CodeCommit repository. It stores all the repositories as a single source of truth for application code. Developers have full control over this account. This account is usually used as a sandbox for developers.

  • ToolsAccount

A central location for all the tools related to the organization, including continuous delivery/deployment services such as AWS CodePipeline and AWS CodeBuild. Developers have limited/read-only access in this account. The Operations team has more control.

  • TestAccount

Applications using the CI/CD orchestration for test purposes are deployed from this account. Developers and the Operations team have limited/read-only access in this account.

  • ProdAccount

Applications using the CI/CD orchestration tested in the ToolsAccount are deployed to production from this account. Developers and the Operations team have limited/read-only access in this account.

Solution

In this solution, we will check in sample code for an AWS Lambda function in the Dev account. This will trigger the pipeline (created in AWS CodePipeline) and run the build using AWS CodeBuild in the Tools account. The pipeline will then deploy the Lambda function to the Test and Prod accounts.

 

Setup

  1. Clone this repository. It contains the AWS CloudFormation templates that we will use in this walkthrough.
git clone https://github.com/awslabs/aws-refarch-cross-account-pipeline.git
  1. Follow the instructions in the repository README to push the sample AWS Lambda application to an AWS CodeCommit repository in the Dev account.
  2. Install the AWS Command Line Interface as described here. To prepare your access keys or assume-role to make calls to AWS, configure the AWS CLI as described here.

Walkthrough

Note: Follow the steps in the order they’re written. Otherwise, the resources might not be created correctly.

  1. In the Tools account, deploy this CloudFormation template. It will create the customer master keys (CMK) in AWS Key Management Service (AWS KMS), grant access to Dev, Test, and Prod accounts to use these keys, and create an Amazon S3 bucket to hold artifacts from AWS CodePipeline.
aws cloudformation deploy --stack-name pre-reqs \
--template-file ToolsAcct/pre-reqs.yaml --parameter-overrides \
DevAccount=ENTER_DEV_ACCT TestAccount=ENTER_TEST_ACCT \
ProductionAccount=ENTER_PROD_ACCT

In the output section of the CloudFormation console, make a note of the Amazon Resource Number (ARN) of the CMK and the S3 bucket name. You will need them in the next step.

  1. In the Dev account, which hosts the AWS CodeCommit repository, deploy this CloudFormation template. This template will create the IAM roles, which will later be assumed by the pipeline running in the Tools account. Enter the AWS account number for the Tools account and the CMK ARN.
aws cloudformation deploy --stack-name toolsacct-codepipeline-role \
--template-file DevAccount/toolsacct-codepipeline-codecommit.yaml \
--capabilities CAPABILITY_NAMED_IAM \
--parameter-overrides ToolsAccount=ENTER_TOOLS_ACCT CMKARN=FROM_1st_Step
  1. In the Test and Prod accounts where you will deploy the Lambda code, execute this CloudFormation template. This template creates IAM roles, which will later be assumed by the pipeline to create, deploy, and update the sample AWS Lambda function through CloudFormation.
aws cloudformation deploy --stack-name toolsacct-codepipeline-cloudformation-role \
--template-file TestAccount/toolsacct-codepipeline-cloudformation-deployer.yaml \
--capabilities CAPABILITY_NAMED_IAM \
--parameter-overrides ToolsAccount=ENTER_TOOLS_ACCT CMKARN=FROM_1st_STEP  \
S3Bucket=FROM_1st_STEP
  1. In the Tools account, which hosts AWS CodePipeline, execute this CloudFormation template. This creates a pipeline, but does not add permissions for the cross accounts (Dev, Test, and Prod).
aws cloudformation deploy --stack-name sample-lambda-pipeline \
--template-file ToolsAcct/code-pipeline.yaml \
--parameter-overrides DevAccount=ENTER_DEV_ACCT TestAccount=ENTER_TEST_ACCT \
ProductionAccount=ENTER_PROD_ACCT CMKARN=FROM_1st_STEP \
S3Bucket=FROM_1st_STEP--capabilities CAPABILITY_NAMED_IAM
  1. In the Tools account, execute this CloudFormation template, which give access to the role created in step 4. This role will be assumed by AWS CodeBuild to decrypt artifacts in the S3 bucket. This is the same template that was used in step 1, but with different parameters.
aws cloudformation deploy --stack-name pre-reqs \
--template-file ToolsAcct/pre-reqs.yaml \
--parameter-overrides CodeBuildCondition=true
  1. In the Tools account, execute this CloudFormation template, which will do the following:
    1. Add the IAM role created in step 2. This role is used by AWS CodePipeline in the Tools account for checking out code from the AWS CodeCommit repository in the Dev account.
    2. Add the IAM role created in step 3. This role is used by AWS CodePipeline in the Tools account for deploying the code package to the Test and Prod accounts.
aws cloudformation deploy --stack-name sample-lambda-pipeline \
--template-file ToolsAcct/code-pipeline.yaml \
--parameter-overrides CrossAccountCondition=true \
--capabilities CAPABILITY_NAMED_IAM

What did we just do?

  1. The pipeline created in step 4 and updated in step 6 checks out code from the AWS CodeCommit repository. It uses the IAM role created in step 2. The IAM role created in step 4 has permissions to assume the role created in step 2. This role will be assumed by AWS CodeBuild to decrypt artifacts in the S3 bucket, as described in step 5.
  2. The IAM role created in step 2 has permission to check out code. See here.
  3. The IAM role created in step 2 also has permission to upload the checked-out code to the S3 bucket created in step 1. It uses the KMS keys created in step 1 for server-side encryption.
  4. Upon successfully checking out the code, AWS CodePipeline triggers AWS CodeBuild. The AWS CodeBuild project created in step 4 is configured to use the CMK created in step 1 for cryptography operations. See here. The AWS CodeBuild role is created later in step 4. In step 5, access is granted to the AWS CodeBuild role to allow the use of the CMK for cryptography.
  5. AWS CodeBuild uses pip to install any libraries for the sample Lambda function. It also executes the aws cloudformation package command to create a Lambda function deployment package, uploads the package to the specified S3 bucket, and adds a reference to the uploaded package to the CloudFormation template. See here.
  6. Using the role created in step 3, AWS CodePipeline executes the transformed CloudFormation template (received as an output from AWS CodeBuild) in the Test account. The AWS CodePipeline role created in step 4 has permissions to assume the IAM role created in step 3, as described in step 5.
  7. The IAM role assumed by AWS CodePipeline passes the role to an IAM role that can be assumed by CloudFormation. AWS CloudFormation creates and updates the Lambda function using the code that was built and uploaded by AWS CodeBuild.

This is what the pipeline looks like using the sample code:

Conclusion

Creating multiple AWS accounts provides the highest degree of isolation and is appropriate for a number of use cases. However, keeping a centralized account to orchestrate continuous delivery and deployment using AWS CodePipeline and AWS CodeBuild eliminates the need to duplicate the delivery pipeline. You can secure the pipeline through the use of cross account IAM roles and the encryption of artifacts using AWS KMS. For more information, see Providing Access to an IAM User in Another AWS Account That You Own in the IAM User Guide.

References